xkcd explains the Heartbleed bug

Webcomic xkcd does an excellent job of explaining the “Heartbleed” bug:

If you know something about programming this is bug is the result of dynamic memory and lack of bounds checking. It allows the server to return the contents of RAM that may include information like passwords, login ids, etc. that are normally not visible externally. If you’ve recently logged in your information could easily still be in RAM and vulnerable but if you haven’t it’s likely nothing of yours remains. It’s all dependent on whether or not someone has determined a particular server is vulnerable and exploited the bug.

So what should you do? First, check this list on Mashable. If there’s a site you use frequently and it’s marked as vulnerable, change your password now. Otherwise, you can probably take your time but still change it. Consider using a password manager like 1Password or LastPass to make creating and managing passwords easier. Turn on multi-factor authentication where available. Also consider a personal password expiration policy. Yes, I know it’s a pain but if you use a password manager generating a new password is painless.

Security isn’t a “set it and forget it” thing, it’s an ongoing process.

A modern port of Star Trek 1971 text game

When I was living in the dorms at RIT back in the 70s a friend of one of the guys on my floor had a portable teletype and acoustic modem combination that he borrowed under the pretext of doing some Fortran programming but instead used to play the Star Trek 1971 text game.  How he got away with it is beyond me but we were all absolutely fascinated with the game*.  Now it’s available again as source but coded in C# so you’ll need an appropriate compiler and build environment (you must join the site to download the code).



*Consider that Pong was state of the art at the time in video games and you’ll understand how a text game could be so compelling.

Nest’s smoke alarm stumble (and creepy capability)

I’ll be honest, I haven’t been paying much attention to the Nest smoke alarm because, like its thermostat, it solves a problem I don’t have. But a lot of people have been attracted to the devices because of their emphasis on design and user interface. After all, Google didn’t buy the company because it wanted to get into the thermostat business.

Unfortunately, in the case of the smoke alarm that emphasis might have blinded them to more practical matters. The alarm was designed to be silenced when you wave your hands underneath it, thus eliminating that annoying issue that often crops up when you’re cooking something that gives off even a little bit of smoke. But Nest forgot something pretty important, people have a tendency to wave their arms around when there’s a real fire. To their credit they’ve temporarily halted sales while they investigate. But now here comes the creepy part.

They remotely turned off the hand waving sensing on any alarm connected to the Internet via WiFi. In other words, Nest (and now Google) has the ability to control your smoke alarm without your knowledge. Sure, this is a situation where doing so makes perfect sense, but as I’ve often said if Nest can access your smoke alarm over the Internet, someone else can as well.

A smartwatch concept goes minimal

One of the things I don’t particularly like about most of the current smartwatches is that they are as complicated as the smartphones they work with. The form factor just doesn’t lend itself to complicated input and output. But the concept for the Span smartwatch takes a more minimalistic approach and requires less effort to gather information. The setup of the hands will take some getting used to, though.

It’ll be interesting to see if they can take it to market.

Big-box stores make billions off food stamps

Food stamp recipients are a frequent target of the right, who consider them lazy moochers and look to cut their benefits whenever possible. But the reality is that a lot of those recipients are employed, but with jobs that fail to pay a living wage. Many of those jobs are with big-box retailers like Wal-Mart who happen to make billions off food stamps. Except no one at Wal-Mart (or its competitors) and the federal government will ever say so or how much.

New York Public Library Puts 20,000 Hi-Res Maps Online

Not only has the New York Public Library put 20,000 hi-res maps online (as well as free to download), they have included a “warping” feature which allows you to overlay historical maps over modern tools.

Not all of the maps have been set up for warping yet so the search capability allows you to filter results for that if you want. I was able to find a map for downtown Rochester in 1838 and view it as an overlay in Google Earth. It was interesting to see how some names of streets have changed over the years while some have remained the same. Accuracy will vary depending on the number of control points they were able to identify and match but it’s still pretty amazing regardless. I’ve been looking for something like this for many years.